block directory requests with mod_security

NightStorm

Well-Known Member
Jul 28, 2003
285
4
168
cPanel Access Level
Root Administrator
Twitter
Hey everyone, need someone who knows mod_security to give me a quick hand setting up a rule.
What I want to do is block all access to a specific directory server-wide with mod_security.
So say someone were to query www.mydomain.com/notreallyhere/... I want mod_security to intercept that request and 503 the user.
Anyone know how to get a rule to do that?
 

Secmas

Well-Known Member
Feb 18, 2005
358
11
168
Hey everyone, need someone who knows mod_security to give me a quick hand setting up a rule.
What I want to do is block all access to a specific directory server-wide with mod_security.
So say someone were to query www.mydomain.com/notreallyhere/... I want mod_security to intercept that request and 503 the user.
Anyone know how to get a rule to do that?
If you are using rules from GotRoot or ASL, modify the file called MALWARE-SCRITP.TXT and add in there the domain+directory that you want to block, easy as that.

After you restart apache no one will enter into that directory anymore.

Regards,

Sergio
 

NightStorm

Well-Known Member
Jul 28, 2003
285
4
168
cPanel Access Level
Root Administrator
Twitter
Not quite what I'm after...
I want to catch all requests coming in to a specific directory across all sites on my server... irregardless of where the request is originating from.
Also, I'm not using ASL rules... I have a different set of rules loaded... can't remember where I got them from... I think someone posted them here at some point, actually. Either way, it's somewhat unrelated to what I'm looking for.
 

Secmas

Well-Known Member
Feb 18, 2005
358
11
168
Well, in your first post you wrote:
... What I want to do is block all access to a specific directory server-wide with mod_security.
So say someone were to query www.mydomain.com/notreallyhere/... I want mod_security to intercept that request and 503 the user.
If you do as I said, everybody will be blocked trying to enter into that directory on that specific domain. But if you don't have GotRoot modsec rules, then what I wrote will not help you, sorry.

On the other hand, you can write at AtomiCorp Forum (creators of GotRoot rules) asking for help on creating the rule that you need.

Regards,

Sergio